Hi Dave, > Either (re-configure and) build with no-tlsext; > or it appears to me that SSL_[CTX_]set_option > of (or including) SSL_OP_NO_TICKET will stop this one. > > (I bet this is going to become a FAQ.) >
I tried SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET), and it worked. Thanks for your help amit. ----- Original Message ---- > From: Dave Thompson <dave.thomp...@princetonpayments.com> > To: openssl-users@openssl.org > Sent: Monday, April 27, 2009 3:08:44 PM > Subject: RE: Openssl 0.9.8j Client Hello > > > From: owner-openssl-us...@openssl.org On Behalf Of Amit Singh > > Sent: Saturday, 25 April, 2009 01:49 > > > I upgraded from Openssl 0.9.8g to 0.9.8j. Our client > > interfaces to a picky SSL server implementation in JAVA, > > version currently unknown. > > > > With openssl 0.9.8j the connection does not establish with > > this server. > > > > Basically, the server does not respond to a client hello. > > > > I dumped the client hello msg (thanks for providing the > > msg_callback routine) sent out from 0.9.8j & 0.9.8g and there > > are differences in either the cipher suite spec or > > compression method bytes at the end of the msg. > > > No, it's TLS extensions, now enabled by default in 0.9.8j. > And apparently not supported by your picky server. > In particular, 0x23=35 seems to be session_ticket. > > Either (re-configure and) build with no-tlsext; > or it appears to me that SSL_[CTX_]set_option > of (or including) SSL_OP_NO_TICKET will stop this one. > > (I bet this is going to become a FAQ.) > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
